US20110268274A1 - Authentication and Key Establishment in Wireless Sensor Networks - Google Patents

Authentication and Key Establishment in Wireless Sensor Networks Download PDF

Info

Publication number
US20110268274A1
US20110268274A1 US12/994,975 US99497509A US2011268274A1 US 20110268274 A1 US20110268274 A1 US 20110268274A1 US 99497509 A US99497509 A US 99497509A US 2011268274 A1 US2011268274 A1 US 2011268274A1
Authority
US
United States
Prior art keywords
key
device
based
communication
secret key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/994,975
Inventor
Ying Qiu
Jianying Zhou
Joonsang Baek
Han Chiang Tan
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Agency for Science Technology and Research Singapore
Original Assignee
Agency for Science Technology and Research Singapore
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US5656008P priority Critical
Application filed by Agency for Science Technology and Research Singapore filed Critical Agency for Science Technology and Research Singapore
Priority to PCT/SG2009/000185 priority patent/WO2009145733A1/en
Priority to US12/994,975 priority patent/US20110268274A1/en
Assigned to AGENCY FOR SCIENCE, TECHNOLOGY AND RESEARCH reassignment AGENCY FOR SCIENCE, TECHNOLOGY AND RESEARCH ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: TAN, HAN CHIANG, BAEK, JOONSANG, QIU, Ying, ZHOU, JIANYING
Publication of US20110268274A1 publication Critical patent/US20110268274A1/en
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/0841Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols
    • H04L9/0844Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these involving Diffie-Hellman or related key agreement protocols with user authentication or key authentication, e.g. ElGamal, MTI, MQV-Menezes-Qu-Vanstone protocol or Diffie-Hellman protocols using implicitly-certified keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/80Wireless
    • H04L2209/805Lightweight hardware, e.g. radio-frequency identification [RFID] or sensor

Abstract

A wireless sensor network (WSN) and a method for establishing a communication key between devices in a WSN. The WSN comprises a first device configured for sending a request message to a second device, the request identifying at least a third device for communication with which a communication key is intended, a first random number, and a first authentication code generated using a first secret key shared between the first and second devices; the second device configured for authenticating the first authentication code based on the first secret key, for generating the communication key based on the first secret key, the first random number, and a second random number using a hash function, for sending an approval message to the third device, the approval message comprising, in encrypted form based on a second secret key shared between the second and third device, the communication key and the first and second random numbers; the third device configured for decrypting the communication key and the first and second random numbers based on the second secret key and for sending a notice message to the first device, the notice message comprising the first and the second random numbers; and the first device configured for recalculating the communication key, based on the first secret key and said received first and second random numbers using said hash function.

Description

    FIELD OF INVENTION
  • The invention broadly relates to a wireless sensor network (WSN) and to a method for establishing a communication key between devices in a WSN.
  • BACKGROUND
  • A wireless sensor network (WSN) is a wireless network comprising spatially distributed autonomous devices using sensors to cooperatively monitor physical or environmental conditions, such as temperature, sound, vibration, pressure, motion or pollutants, at different locations.
  • There are many military, industrial and civilian applications that incorporate WSNs, including industrial process monitoring and control, machine health monitoring, environment and habitat monitoring, healthcare, home automation, and traffic control.
  • A WSN typically comprises of a large number of sensor nodes (fixed and/or mobile). Sensor nodes have limited capability in terms of computation, storage, communication and power harvesting/storage.
  • Security is crucial in WSNs and basic security mechanisms and protocols that can provide protection to the services and the information flow are needed. This means that the hardware layer should be protected against node compromise, communication channels should meet certain security goals (like confidentiality, integrity and authentication), and the protocols and services of the network should be robust against any possible interference. There are typically six main challenges in establishing good security: (i) wireless nature of communication, (ii) resource limitation on sensor nodes (minimal energy, computational and communicational capabilities), (iii) typically very large and dense WSN, (iv) lack of fixed infrastructure, (v) unknown network topology prior to deployment, (vi) high risk of physical attacks to unattended sensors.
  • Several proposed authentication schemes in wireless sensor networks include Radio Resource Testing, Random Key Pre-distribution, Time Synchronized Authentication (uTESLA), One Time Signature and Public Key Authentication. However, Radio Resource Testing can only be used for non-cryptographic means and while the Random Key Pre-distribution Scheme requires small computation and communication overheads, it fairs poorly in terms of node compromise and scalability. The uTESLA scheme has the disadvantages of time synchronization and delayed authentication while One Time Signature and Public Key Authentication schemes are costly in terms of computational, communication and storage overheads.
  • Common authentication protocols used in WSNs include the (simplified) Kerberos and the Eschenauer-Gligor protocols. The Kerberos protocol is a network authentication system that uses a trusted third party (or trusted authority) to authenticate two entities by issuing a shared session key between them. The messages exchanged in Kerberos can have a payload of several kilobytes, which makes the standard Kerberos protocol impractical for use in WSNs where data transfer is extremely costly in terms of energy consumption. A simplified Kerberos protocol is available but is nonetheless still costly in terms of energy consumption. The Eschenauer-Gligor protocol relies on probabilistic key sharing among the nodes of a random graph and uses a simple shared-key discovery protocol for key distribution. However, the main disadvantages of this protocol are low probability of connecting two sensor nodes and a large number of hops. Network performance deteriorates with an increase in hops.
  • For example, a WSN can be implemented in a hospital emergency room to track the movement of patients. When a patient with a mobile sensor node moves within the premises of a hospital, its “neighbourhood” and routing path constantly changes. The sensor node needs to constantly authenticate with its new “neighbours” and establish a key for secure communication.
  • In WSNs, power efficiency is another important consideration for choosing a routing path due to the low energy capabilities of sensor nodes. Some typical policies for selecting an efficient routing path include
      • 1) Maximum Total Available Power (PA) Route: The route that has maximum total available power is preferred. The total available power is calculated by summing the available powers of each node along the route.
      • 2) Minimum Energy (ME) Consumption Route: The route that consumes minimum energy to transmit the data packets between the base station and the sensor node is chosen.
      • 3) Minimum Hop (MH) Route: The route that makes the minimum hops to reach the base station is preferred.
      • 4) Maximum-Minimum PA Node Route: The route along which the minimum PA is larger than the minimum PAs of the other routes is preferred. This scheme precludes the risk of using up a sensor node with low PA much earlier than the others because they are on a route with nodes which have very high PAs.
        Since different policies employ different routing paths, different nodes are involved when different paths are chosen. A challenge is to establish a security channel with these multitude of “unknown” routes and how to authenticate with the nodes on these multitude “unknown” routes.
  • A need therefore exists to provide an authentication and key distribution protocol for use in a Wireless Sensor Network that seeks to address at least one of the abovementioned problems.
  • SUMMARY
  • In accordance with a first aspect of the present invention there is provided a method for establishing a communication key between devices in a wireless sensor network (WSN), the method comprising the steps of sending a request message from a first device to a second device, the request identifying at least a third device for communication with which the communication key is intended, a first random number, and a first authentication code generated using a first secret key shared between the first and second devices; authenticating, at the second device, the first authentication code based on the first secret key; generating, at the second device, the communication key based on the first secret key, the first random number, and a second random number using a hash function; sending an approval message from the second device to the third device, the approval message comprising, in encrypted form based on a second secret key shared between the second and third device, the communication key and the first and second random numbers; decrypting, at the third device, the communication key and the first and second random numbers based on the second secret key; sending a notice message from the third device to the first device, the notice message comprising the first and the second random numbers; and recalculating, at the first device, the communication key, based on the first secret key and said received first and second random numbers using said hash function.
  • The first authentication code may be based on the first random number.
  • Recalculating, at the first device, the communication key may comprise verifying, at the first device, the first random number and a second authentication code, based on the first and second random numbers, received from the third device.
  • The method may further comprise assigning a lifetime to the communication key.
  • The method may further comprise storing, at the first and the third devices, said communication key in addition to one or more pre-stored shared keys.
  • In accordance with a second aspect of the present invention there is provided a wireless sensor network (WSN) comprising a first device configured for sending a request message to a second device, the request identifying at least a third device for communication with which a communication key is intended, a first random number, and a first authentication code generated using a first secret key shared between the first and second devices; the second device configured for authenticating the first authentication code based on the first secret key, for generating the communication key based on the first secret key, the first random number, and a second random number using a hash function, for sending an approval message to the third device, the approval message comprising, in encrypted form based on a second secret key shared between the second and third device, the communication key and the first and second random numbers; the third device configured for decrypting the communication key and the first and second random numbers based on the second secret key and for sending a notice message to the first device, the notice message comprising the first and the second random numbers; and the first device configured for recalculating the communication key, based on the first secret key and said received first and second random numbers using said hash function.
  • The first authentication code may be based on the first random number.
  • The first device may be configured for verifying the first random number and a second authentication key, based on the first and second random numbers, received from the third device.
  • The first and the third devices may be further configured to assign a lifetime to the communication key.
  • The first and the third devices may be further configured to store said communication key in addition to one or more pre-stored shared keys.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • Example embodiments of the invention will be better understood and readily apparent to one of ordinary skill in the art from the following written description, by way of example only, and in conjunction with the drawings, in which:
  • FIG. 1 is a flow chart illustrating a key establishment and update scheme according to an embodiment of the present invention.
  • FIG. 2 is a flow chart illustrating the steps of connecting to another node in accordance with an embodiment of the present invention.
  • FIG. 3 is a flow chart illustrating steps of a distribution mode according to an embodiment of the present invention.
  • FIG. 4 is a flow chart illustrating the steps of a method for establishing a communication key between devices in a wireless sensor network (WSN) in accordance with another embodiment of the present invention.
  • FIG. 5 illustrates the data flow between elements of a WSN according to example embodiments of the invention.
  • FIG. 6 is a schematic drawing illustrating a sensor node being implemented using a computing device.
  • DETAILED DESCRIPTION
  • An embodiment of the invention provides an authentication and key distribution protocol for use in a Wireless Sensor Network (WSN). The protocol preferably comprises 4 phases; shared key discovery; key establishment and update; authentication and encryption; and key revocation.
  • Some portions of the description which follows are explicitly or implicitly presented in terms of algorithms and functional or symbolic representations of operations on data within a computer memory. These algorithmic descriptions and functional or symbolic representations are the means used by those skilled in the data processing arts to convey most effectively the substance of their work to others skilled in the art. An algorithm, protocol or scheme is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. The steps are those requiring physical manipulations of physical quantities, such as electrical, magnetic or optical signals capable of being stored, transferred, combined, compared, and otherwise manipulated.
  • Unless specifically stated otherwise, and as apparent from the following, it will be appreciated that throughout the present specification, discussions utilizing terms such as “calculating”, “generating”, or the like, refer to the action and processes of a computer system, or similar electronic device, that manipulates and transforms data represented as physical quantities within the computer system into other data similarly represented as physical quantities within the computer system or other information storage, transmission or display devices.
  • The present specification also discloses apparatus for performing the operations of the methods. Such apparatus may be specially constructed for the required purposes, or may comprise a general purpose computer or other device selectively activated or reconfigured by a computer program stored in the computer. The algorithms, protocols or schemes and displays presented herein are not inherently related to any particular computer or other apparatus. Various general purpose machines may be used with programs in accordance with the teachings herein. Alternatively, the construction of more specialized apparatus to perform the required method steps may be appropriate. The structure of a conventional general purpose computer will appear from the description below.
  • In addition, the present specification also implicitly discloses a computer program, in that it would be apparent to the person skilled in the art that the individual steps of the method described herein may be put into effect by computer code. The computer program is not intended to be limited to any particular programming language and implementation thereof. It will be appreciated that a variety of programming languages and coding thereof may be used to implement the teachings of the disclosure contained herein. Moreover, the computer program is not intended to be limited to any particular control flow. There are many other variants of the computer program, which can use different control flows without departing from the spirit or scope of the invention.
  • Furthermore, one or more of the steps of the computer program may be performed in parallel rather than sequentially. Such a computer program may be stored on any computer readable medium. The computer readable medium may include storage devices such as magnetic or optical disks, memory chips, or other storage devices suitable for interfacing with a general purpose computer. The computer readable medium may also include a hard-wired medium such as exemplified in the Internet system, or wireless medium such as exemplified in the GSM mobile telephone system. The computer program when loaded and executed on such a general-purpose computer effectively results in an apparatus that implements the steps of the preferred method.
  • The invention may also be implemented as hardware modules. More particular, in the hardware sense, a module is a functional hardware unit designed for use with other components or modules. For example, a module may be implemented using discrete electronic components, or it can form a portion of an entire electronic circuit such as an Application Specific Integrated Circuit (ASIC). Numerous other possibilities exist. Those skilled in the art will appreciate that the system can also be implemented as a combination of hardware and software modules.
  • In an example embodiment, when a sensor node moves within the range of a WSN, the sensor node may use a key discovery protocol to find a common key with another node. In this instance, it will be appreciated by a person skilled in the art that a random pair-wise key scheme can be employed. In this scheme, there is a large pool of symmetric keys. A random subset out of this pool is distributed to each sensor node. Once any two nodes find a common shared key from their own sets, the two nodes can start to communicate with each other. As each sensor node's memory can be limited, each sensor node may only store a small set of keys randomly selected from the key pool. If the common key is not found, a key establishment phase is advantageously initiated in the example embodiment.
  • Due to the limited storage capacity of sensor nodes, a common shared key-pair may not be available between a roaming sensor node and its new neighbouring nodes. This is especially common in the circumstance of a dynamic sensor node roaming within a large WSN (e.g. in hospitals, nuclear plants). Therefore, if a common key was not found during the shared key discovery phase, a key establishment phase can be initiated. During this phase, an efficient and scalable scheme is advantageously provided to establish and update the keys among nodes in the WSN.
  • FIG. 1 is a flow chart, designated generally as reference numeral 100, illustrating a key establishment and update scheme according to an example embodiment of the present invention. When a sensor node moves to a new area in the WSN and wants to communicate with another node (router or cluster head) in the area with which it does not share a key, it first sends a request message to a base station, at step 102. The request message is in the following format:

  • req={src=ID,dst=BS,RT∥R 0 ∥MAC(K BN ,ID∥RT∥R 0)},
  • where src and dst denote a source and destination address of a message, respectively. ID is a sensor node's identification, BS and RT are identifiers for the base station and the router (or cluster head), respectively. R0 describes a random number generated by the sensor node. MAC indicates a message authentication code algorithm with a key and KBN is a shared secret key between the base station and the sensor node.
  • After receiving the req message, the base station preferably checks its revocation list if the sensor node has been revoked, at step 104. If the sensor node is acceptable, the base station verifies the MAC message at step 106. If the sensor node has been revoked, connection is terminated, at step 116. If the MAC message is verified to be correct, the base station preferably generates a session key KNR for the roaming sensor node and the router (or cluster head) at step 108. If the MAC message is not verified, connection is terminated, at step 116. The session key is in the following format:

  • K NR =H(K BN ,ID∥R 0 ∥R 1)
  • where H is a keyed one-way hash function, and R1 is a random number selected by the base station. Also at step 108, the base station sends an approval message, appv, with the session key to the router or cluster head, in the following format:

  • appv={src=BS,dst=RT,E(K BT ,ID∥R 0 ∥R 1 ∥K NR)}
  • where E is an encryption algorithm; KBT is the shared secret key between the base station and the router or cluster head.
  • After receiving the approval message, appv, the router or cluster head decrypts the payload and extracts the session key KNR and sends a notice to the sensor node at step 110. The notice is in the following format:

  • notice={src=RT,dst=ID,R 0 ∥R 1 ∥MAC(K NR ,RT∥ID∥R 0 ∥R 1)}.
  • Upon receipt of the notice message, the sensor node extracts the random numbers R0 and R1. After checking if the received random number R0 equates to the original R0, the sensor node recalculates the session key

  • K NR =H(K BN ,ID∥R 0 ∥R 1)
  • and verifies the MAC value at step 112. If the MAC message is verified to be correct, the sensor node uses this session key for subsequent communication with the other node (router or cluster head) at step 114. If the random number R0 or MAC message is incorrect, connection is terminated, at step 116. The node can be any other sensor node, router or cluster head in the WSN that the sensor node needs to establish communication with.
  • A node's identity (ID) information is used to authenticate and encrypt network traffic packets with example embodiments. In order to manage the keys in a WSN, every sensor node and router preferably maintains a table, called a key cache. Table 1 below shows an example of a key cache structure.
  • TABLE 1 Key Cache structure Key Cache in Sensor Node N Node ID Key Key Lifetime BS KBN TBN nodei KNi TNi . . . . . . . . . nodeR R0 0 . . . . . . . . . nodej KNj TNj SharedKeyx Kx Tx . . . . . . . . . SharedKeyy Ky Ty
  • FIG. 2 is a flow chart, designated generally as reference numeral 200, illustrating the steps of connecting to another node in accordance with an embodiment of the present invention. For example, when a sensor node, node N, wants to connect to another sensor node, node R, it executes the following procedure:
  • At step 202, check if there is an existing key pair between the nodes (see nodei, . . . , nodej, in Table 1 above). If there is an existing key pair, connection is established at step 216.
  • At step 204, if there is no existing key pair, the shared key discovery protocol described in the key discovery phase above is initiated to find a common key between node N and node R based on the SharedKeys (see Table 1 above) in their key caches.
  • At step 206, if there is an existing key pair, connection is established at step 216. If there is still no common key between them, the sensor node allocates an entry in the key cache, and assigns Node ID as nodeR, Key as the random number R0 and Key Lifetime as 0, at step 208. (see Table 1 above) In the event that there is no memory space for adding a new entry, the oldest key (which may also expire soon) may be deleted first.
  • At step 210, the key establishment phase is then initiated. Upon receipt of the notice message and recalculated session key KNR, the sensor node updates node R's key and key lifetime entries accordingly. The router or cluster head also updates/extends its key cache table with the session key KNR accordingly. The key lifetime is an arbitrary value and can depend on the application. For example, a key lifetime can be set at 420 seconds in accordance with the mobile network specification as in IETF RFC 3775.
  • At step 212, a check is conducted to determine if the sensor node N has left the range of node R. At step 218, when the sensor node N leaves the range of node R, the sensor node deletes the related entry from its key cache table in the example embodiment in order to save memory space. While the sensor node N remains within range of node R, the process loops back to checking the expiry of the key lifetime at step 214.
  • At step 214, when the key lifetime expires, the sensor node preferably reinitiates the procedure of key establishment. If the key lifetime is still valid, connection is established at step 216.
  • If a node is compromised, the base station preferably revokes the related keys from the database and informs the relevant nodes. The base station also maintains a key table (see Table 2 below) that includes secret keys shared with all of the sensor nodes in the network. In the event that a node is compromised and revoked, its key lifetime entry is preferably marked as negative.
  • TABLE 2 Structure of a Key Table in a base station. Key Table in Base Station Node ID Key Key Lifetime nodei KBi TBi . . . . . . . . . nodej KBj TBj
  • In an alternative embodiment of the present invention, there is provided an authentication and key distribution protocol for use in a Wireless Sensor Network (WSN) that comprises a distribution mode.
  • The distribution mode deploys a plurality of cluster heads as sub-basestations, recognizing that because cluster heads have better capability in terms of computation, storage and communication than normal sensor nodes, they can be employed as sub-basestations to reduce the number of hops required.
  • FIG. 3 is a flow chart, designated generally as reference numeral 300, illustrating steps of a distribution mode according to an embodiment of the present invention.
  • At step 302, each cluster head advantageously establishes a shared key with its neighbouring cluster heads after deployment. If a WSN's topology is known in advance, shared keys can preferably be established by embedding those keys in advance. Alternatively, if the topology is unknown in advance, the key establishment scheme described above for the key establishment phase can be used. Although the key establishment scheme may require more resources than simply embedding those keys in advance, as this is a one-time operation, the overheads may be acceptable.
  • At step 304, each sensor node stores two base station identities (IDs): one is the real base station ID; another is the sub-basestation (the cluster head) ID. Initially, the ID of the sub-basestation is preferably designated as the real base station ID.
  • At step 306, after deployment, a sensor node preferably establishes a shared key with the nearest cluster head using the key establishment scheme outlined in the key establishment phase described above.
  • At step 308, when the sensor node moves within the WSN, the same key establishment scheme is used to establish a shared key with the new cluster head, via the sub-basestation (cluster head) rather than the real base station.
  • At step 310, after successfully establishing the keys, the sensor node updates the ID of sub-basestation with the current cluster head.
  • At step 312, for security, each sensor node preferably resets its sub-basestation ID to real base station at a specified interval (for example, 420 seconds, a few hours or days, depending on the application) and re-establishes keys with its nearest cluster heads via the real base station. If the basestation does not receive any request from the sensor node, it considers the sensor node compromised.
  • In a WSN, an increase in the number of hops between 2 nodes can lead to poorer network traffic performance and more energy consumption. The distribution mode advantageously provides an efficient and low energy cost solution for establishing a shared key. The distribution mode may advantageously provide better security as it can immediately block and revoke compromised nodes.
  • FIG. 4 is a flow chart, designated generally as reference numeral 400, illustrating the steps of a method for establishing a communication key between devices in a wireless sensor network (WSN) in accordance with another embodiment of the present invention.
  • At step 402, a request message is sent from a first device to a second device, the request identifying at least a third device for communication with which the communication key is intended, a first random number, and a first authentication code generated using a first secret key shared between the first and second devices. At step 404, the first authentication code is authenticated, at the second device, based on the first secret key. At step 406, the communication key is generated, at the second device, based on the first secret key, the first random number, and a second random number using a hash function.
  • At step 408, an approval message is sent from the second device to the third device, the approval message comprising, in encrypted form based on a second secret key shared between the second and third device, the communication key and the first and second random numbers. At step 410, the communication key and the first and second random numbers are decrypted, at the third device, based on the second secret key. At step 412, a notice message is sent from the third device to the first device, the notice message comprising the first and the second random numbers. At step 414, the communication key is recalculated, at the first device, based on the first secret key and said received first and second random numbers using said hash function. The use of the first and second random numbers can advantageously prevent replay attacks.
  • FIG. 5 is a schematic illustration of a WSN 500 according to example embodiments of the invention. The WSN 500 comprises a mobile sensor node 502, a base station (or cluster head) 504 and router 506. It will be appreciated by a person skilled in the art that the type and number of devices in FIG. 5 are only for illustrative purposes. A WSN may comprise different types of devices in different numbers. The devices 502, 504 and 506 are configured for generating, transmitting, receiving, processing and authenticating data according to the description above. (see FIGS. 1-4 and their corresponding description).
  • In summary, sensor node 502 is configured for sending a request message, req, to the base station 504 (see arrow 508). The base station 504 is configured for receiving, processing and authenticating the request message and for sending an approval message, appv, to the router 506 (see arrow 510). The router 506 is configured for receiving, processing and authenticating the approval message and sending a notice to the sensor node 502 (see arrow 512). The sensor node is configured to receive, process and authenticate the notice. Thereafter, the sensor node 502 and the router 506 can advantageously securely communicate.
  • It will be appreciated by a person skilled in the art that the mobile sensor node 502, the base station (or cluster head) 504 and the router 506 can be implemented in a number of different ways, for example, as a dedicated hardware module or a computer device in order to execute the relevant generating, transmitting, receiving, processing and authenticating steps described above.
  • FIG. 6 is a schematic drawing illustrating, for example, the sensor node 502 being implemented using a computing device 600. It may be implemented as software, such as a computer program being executed within the computer system 600, and instructing the computer system 600 to conduct the method of the example embodiment.
  • The computer system 600 comprises a computer module 602 and is connected to a wireless sensor network 612 via a suitable transceiver device 614. The computer module 602 in the example includes a processor 618, a Random Access Memory (RAM) 620 and a Read Only Memory (ROM) 622. The components of the computer module 602 typically communicate via an interconnected bus 628 and in a manner known to the person skilled in the relevant art.
  • The application program is typically supplied to the user of the computer system 600 encoded on a data storage medium such as a CD-ROM or flash memory carrier and read utilising a corresponding data storage medium drive of a data storage device 630. The application program is read and controlled in its execution by the processor 618. Intermediate storage of program data may be accomplished using RAM 620.
  • It will be appreciated that both the base station 504 and router 506 can be implemented using a computing device substantially similar to that illustrated in FIG. 6 above.
  • The protocol provided by embodiments of the present invention may advantageously save communication energy compared to existing solutions. Example embodiments of the present invention may also advantageously decrease the number of hops.
  • The Eschenauer-Gligor protocol's main disadvantages are low connective probability and a large number of hops. For instance, a WSN with 10 000 nodes expects almost 14 degrees of node to ensure 99% probability of connection. If 99.999% probability is desired, 20 degrees of node is expected. However, network performance deteriorates with an increase in hops. For example, a 7 hops network typically has a very low throughput of less than 2 Kbps. Comparatively, the protocol in accordance with embodiments of the present invention may advantageously require about 3 hops between a sensor node and its nearest cluster head. As such, a higher connective probability can be achieved with less memory cost, without considerable increase in communication.
  • The protocol according to embodiments of the present invention is suitable for both static and dynamic WSNs. Any pair of nodes can advantageously establish a shared key for secure communication. A roaming sensor node preferably deals only with its closest node (router or cluster head) for security. There is advantageously no need to change the routing path to the base station. In addition, a base station may manage a revocation list for lost or compromised roaming sensor nodes. The protocol according to embodiments of the present invention also facilitates scalability and resilience against node compromise.
  • Example embodiments preferably enable a moving sensor node in a WSN to change its attached routers frequently. At the same time, the attached routers preferentially ensure that the joining moving sensor node is not a malicious sensor node. In addition, the moving sensor node also preferably establishes a security tunnel with the new route. The security scheme is also preferably highly resilient and scalable. A typical WSN may contain from hundreds to thousands of sensor nodes, therefore any scheme used should preferably be adaptable to such scales and resilient against node compromise.
  • It will be appreciated by a person skilled in the art that numerous variations and/or modifications may be made to the present invention as shown in the embodiments without departing from a spirit or scope of the invention as broadly described. The embodiments are, therefore, to be considered in all respects to be illustrative and not restrictive.

Claims (10)

1. A method for establishing a communication key between devices in a wireless sensor network (WSN), the method comprising the steps of:
sending a request message from a first device to a second device, the request identifying at least a third device for communication with which the communication key is intended, a first random number, and a first authentication code generated using a first secret key shared between the first and second devices;
authenticating, at the second device, the first authentication code based on the first secret key;
generating, at the second device, the communication key based on the first secret key, the first random number, and a second random number using a hash function;
sending an approval message from the second device to the third device, the approval message comprising, in encrypted form based on a second secret key shared between the second and third device, the communication key and the first and second random numbers;
decrypting, at the third device, the communication key and the first and second random numbers based on the second secret key;
sending a notice message from the third device to the first device, the notice message comprising the first and the second random numbers; and
recalculating, at the first device, the communication key, based on the first secret key and said received first and second random numbers using said hash function.
2. The method as claimed in claim 1, wherein the first authentication code is based on the first random number.
3. The method as claimed in claim 1, wherein recalculating, at the first device, the communication key comprises verifying, at the first device, the first random number and a second authentication key, based on the first and second random numbers, received from the third device.
4. The method as claimed in claim 1, further comprising assigning a lifetime to the communication key.
5. The method as claimed in claim 1, further comprising storing, at the first and the third devices, said communication key in addition to one or more pre-stored shared keys.
6. A wireless sensor network (WSN) comprising:
a first device configured for sending a request message to a second device, the request identifying at least a third device for communication with which a communication key is intended, a first random number, and a first authentication code generated using a first secret key shared between the first and second devices;
the second device configured for authenticating the first authentication code based on the first secret key, for generating the communication key based on the first secret key, the first random number, and a second random number using a hash function, for sending an approval message to the third device, the approval message comprising, in encrypted form based on a second secret key shared between the second and third device, the communication key and the first and second random numbers;
the third device configured for decrypting the communication key and the first and second random numbers based on the second secret key and for sending a notice message to the first device, the notice message comprising the first and the second random numbers; and
the first device configured for recalculating the communication key, based on the first secret key and said received first and second random numbers using said hash function.
7. The WSN as claimed in claim 6, wherein the first authentication code is based on the first random number.
8. The WSN as claimed in claim 6, wherein the first device is configured for verifying the first random number and a second authentication key, based on the first and second random numbers, received from the third device.
9. The WSN as claimed in claim 6, wherein the first and the third devices are further configured to assign a lifetime to the communication key.
10. The WSN as claimed in claim 6, wherein the first and the third devices are further configured to store said communication key in addition to one or more pre-stored shared keys.
US12/994,975 2008-05-28 2009-05-26 Authentication and Key Establishment in Wireless Sensor Networks Abandoned US20110268274A1 (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
US5656008P true 2008-05-28 2008-05-28
PCT/SG2009/000185 WO2009145733A1 (en) 2008-05-28 2009-05-26 Authentication and key establishment in wireless sensor networks
US12/994,975 US20110268274A1 (en) 2008-05-28 2009-05-26 Authentication and Key Establishment in Wireless Sensor Networks

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US12/994,975 US20110268274A1 (en) 2008-05-28 2009-05-26 Authentication and Key Establishment in Wireless Sensor Networks

Publications (1)

Publication Number Publication Date
US20110268274A1 true US20110268274A1 (en) 2011-11-03

Family

ID=41377357

Family Applications (1)

Application Number Title Priority Date Filing Date
US12/994,975 Abandoned US20110268274A1 (en) 2008-05-28 2009-05-26 Authentication and Key Establishment in Wireless Sensor Networks

Country Status (3)

Country Link
US (1) US20110268274A1 (en)
AU (1) AU2009251887A1 (en)
WO (1) WO2009145733A1 (en)

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100169399A1 (en) * 2008-12-29 2010-07-01 General Instrument Corporation Personal identification number (pin) generation between two devices in a network
US20100169646A1 (en) * 2008-12-29 2010-07-01 General Instrument Corporation Secure and efficient domain key distribution for device registration
US20100325654A1 (en) * 2009-06-17 2010-12-23 General Instrument Corporation Communicating a device descriptor between two devices when registering onto a network
US20110055553A1 (en) * 2009-08-26 2011-03-03 Lee Sung-Young Method for controlling user access in sensor networks
US20120023564A1 (en) * 2009-04-07 2012-01-26 Telefonaktiebolaget L M Ericsson (Publ) Attaching a sensor to a wsan
US20120144199A1 (en) * 2010-12-07 2012-06-07 Canon Kabushiki Kaisha Communication apparatus, control method for communication apparatus, and program
US20130061051A1 (en) * 2011-09-07 2013-03-07 Pantech Co., Ltd. Method for authenticating electronic transaction, server, and terminal
US20130117264A1 (en) * 2010-08-19 2013-05-09 Nec Corporation Object arrangement apparatus, method therefor and computer program
US20130129091A1 (en) * 2011-11-17 2013-05-23 Samsung Electronics Co., Ltd. Method and apparatus for managing security keys for communication authentication with mobile station in wireless communication system
CN103220668A (en) * 2013-05-20 2013-07-24 重庆邮电大学 Wireless sensing network dynamic key management method based on neighbor discovery
US20140120874A1 (en) * 2012-10-25 2014-05-01 Samsung Electronics Co., Ltd Method and device for managing security key for communication authentication of subscriber station used in cooperative communication of multiple base station in radio communication system
US20140140241A1 (en) * 2012-11-16 2014-05-22 Sony Mobile Communications Ab Apparatus and methods for anonymous paired device discovery in wireless communications systems
CN103856939A (en) * 2014-03-27 2014-06-11 北京工业大学 Two-stage identity authentication method based on random number
US20140219450A1 (en) * 2013-02-06 2014-08-07 I-Shou University Wireless sensor network and central node device thereof
US20150281116A1 (en) * 2014-03-27 2015-10-01 Electronics And Telecommunications Research Institute Method for setting sensor node and setting security in sensor network, and sensor network system including the same
US9392446B1 (en) * 2013-08-05 2016-07-12 Sprint Communications Company L.P. Authenticating environmental sensor systems based on security keys in communication systems
US20160315779A1 (en) * 2013-12-17 2016-10-27 Agency For Science, Technology And Research Entity Authentication in Network
US9538372B2 (en) 2014-02-28 2017-01-03 Alibaba Group Holding Limited Establishing communication between devices
US9538355B2 (en) 2008-12-29 2017-01-03 Google Technology Holdings LLC Method of targeted discovery of devices in a network
US20170177897A1 (en) * 2012-09-21 2017-06-22 International Business Machines Corporation Sensor sharing control
US9705857B1 (en) * 2014-10-10 2017-07-11 Sprint Spectrum L.P. Securely outputting a security key stored in a UE
US20180069850A1 (en) * 2015-03-26 2018-03-08 Panasonic Intellectual Property Management Co., Ltd. Authentication method, authentication system, and communication device
CN108964896A (en) * 2018-06-28 2018-12-07 如般量子科技有限公司 A kind of Kerberos identity authorization system and method based on group key pond

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8522029B2 (en) 2010-08-05 2013-08-27 International Business Machines Corporation Secret-key exchange for wireless and sensor networks
CN103731825B (en) * 2013-12-20 2017-03-22 北京理工大学 Bridge-type-based wireless sensing network key management scheme
CN107950003A (en) * 2015-07-09 2018-04-20 诺基亚技术有限公司 Dual user certification
CN108024224A (en) * 2017-12-11 2018-05-11 朱明君 A kind of automatic aeration intelligent monitor system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050140964A1 (en) * 2002-09-20 2005-06-30 Laurent Eschenauer Method and apparatus for key management in distributed sensor networks
US20080046732A1 (en) * 2006-08-15 2008-02-21 Motorola, Inc. Ad-hoc network key management

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060159260A1 (en) * 2005-01-14 2006-07-20 Eaton Corporation Method and communication system employing secure key exchange for encoding and decoding messages between nodes of a communication network

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050140964A1 (en) * 2002-09-20 2005-06-30 Laurent Eschenauer Method and apparatus for key management in distributed sensor networks
US20080046732A1 (en) * 2006-08-15 2008-02-21 Motorola, Inc. Ad-hoc network key management

Cited By (39)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8504836B2 (en) 2008-12-29 2013-08-06 Motorola Mobility Llc Secure and efficient domain key distribution for device registration
US20100169646A1 (en) * 2008-12-29 2010-07-01 General Instrument Corporation Secure and efficient domain key distribution for device registration
US9794083B2 (en) 2008-12-29 2017-10-17 Google Technology Holdings LLC Method of targeted discovery of devices in a network
US9538355B2 (en) 2008-12-29 2017-01-03 Google Technology Holdings LLC Method of targeted discovery of devices in a network
US9148423B2 (en) * 2008-12-29 2015-09-29 Google Technology Holdings LLC Personal identification number (PIN) generation between two devices in a network
US20100169399A1 (en) * 2008-12-29 2010-07-01 General Instrument Corporation Personal identification number (pin) generation between two devices in a network
US9154476B2 (en) * 2009-04-07 2015-10-06 Telefonaktiebolaget L M Ericsson (Publ) Attaching a sensor to a WSAN
US20120023564A1 (en) * 2009-04-07 2012-01-26 Telefonaktiebolaget L M Ericsson (Publ) Attaching a sensor to a wsan
US20100325654A1 (en) * 2009-06-17 2010-12-23 General Instrument Corporation Communicating a device descriptor between two devices when registering onto a network
US8904172B2 (en) 2009-06-17 2014-12-02 Motorola Mobility Llc Communicating a device descriptor between two devices when registering onto a network
US20110055553A1 (en) * 2009-08-26 2011-03-03 Lee Sung-Young Method for controlling user access in sensor networks
US9158808B2 (en) * 2010-08-19 2015-10-13 Nec Corporation Object arrangement apparatus for determining object destination, object arranging method, and computer program thereof
US20130117264A1 (en) * 2010-08-19 2013-05-09 Nec Corporation Object arrangement apparatus, method therefor and computer program
US20120144199A1 (en) * 2010-12-07 2012-06-07 Canon Kabushiki Kaisha Communication apparatus, control method for communication apparatus, and program
US9055428B2 (en) * 2010-12-07 2015-06-09 Canon Kabushiki Kaisha Communication apparatus, control method for communication apparatus, and program
US20130061051A1 (en) * 2011-09-07 2013-03-07 Pantech Co., Ltd. Method for authenticating electronic transaction, server, and terminal
US9380459B2 (en) * 2011-11-17 2016-06-28 Samsung Electronics Co., Ltd. Method and apparatus for managing security keys for communication authentication with mobile station in wireless communication system
US20130129091A1 (en) * 2011-11-17 2013-05-23 Samsung Electronics Co., Ltd. Method and apparatus for managing security keys for communication authentication with mobile station in wireless communication system
US20170177897A1 (en) * 2012-09-21 2017-06-22 International Business Machines Corporation Sensor sharing control
US9916470B2 (en) * 2012-09-21 2018-03-13 International Business Machines Corporation Sensor sharing control
US20140120874A1 (en) * 2012-10-25 2014-05-01 Samsung Electronics Co., Ltd Method and device for managing security key for communication authentication of subscriber station used in cooperative communication of multiple base station in radio communication system
US9654969B2 (en) * 2012-10-25 2017-05-16 Samsung Electronics Co., Ltd. Method and device for managing security key for communication authentication of subscriber station used in cooperative communication of multiple base station in radio communication system
US9088933B2 (en) * 2012-11-16 2015-07-21 Sony Corporation Apparatus and methods for anonymous paired device discovery in wireless communications systems
US20140140241A1 (en) * 2012-11-16 2014-05-22 Sony Mobile Communications Ab Apparatus and methods for anonymous paired device discovery in wireless communications systems
US20150312848A1 (en) * 2012-11-16 2015-10-29 Sony Mobile Communications Ab Apparatus and methods for anonymous paired device discovery in wireless communications systems
US9374706B2 (en) * 2013-02-06 2016-06-21 I-Shou University Wireless sensor network and central node device thereof
US20160007192A1 (en) * 2013-02-06 2016-01-07 I-Shou University Wireless sensor network and central node device thereof
US20140219450A1 (en) * 2013-02-06 2014-08-07 I-Shou University Wireless sensor network and central node device thereof
US9060265B2 (en) * 2013-02-06 2015-06-16 I-Shou University Wireless sensor network and central node device thereof
CN103220668A (en) * 2013-05-20 2013-07-24 重庆邮电大学 Wireless sensing network dynamic key management method based on neighbor discovery
US9392446B1 (en) * 2013-08-05 2016-07-12 Sprint Communications Company L.P. Authenticating environmental sensor systems based on security keys in communication systems
US20160315779A1 (en) * 2013-12-17 2016-10-27 Agency For Science, Technology And Research Entity Authentication in Network
US10230532B2 (en) * 2013-12-17 2019-03-12 Agency For Science, Technology And Research Entity authentication in network
US9538372B2 (en) 2014-02-28 2017-01-03 Alibaba Group Holding Limited Establishing communication between devices
US20150281116A1 (en) * 2014-03-27 2015-10-01 Electronics And Telecommunications Research Institute Method for setting sensor node and setting security in sensor network, and sensor network system including the same
CN103856939A (en) * 2014-03-27 2014-06-11 北京工业大学 Two-stage identity authentication method based on random number
US9705857B1 (en) * 2014-10-10 2017-07-11 Sprint Spectrum L.P. Securely outputting a security key stored in a UE
US20180069850A1 (en) * 2015-03-26 2018-03-08 Panasonic Intellectual Property Management Co., Ltd. Authentication method, authentication system, and communication device
CN108964896A (en) * 2018-06-28 2018-12-07 如般量子科技有限公司 A kind of Kerberos identity authorization system and method based on group key pond

Also Published As

Publication number Publication date
AU2009251887A1 (en) 2009-12-03
WO2009145733A1 (en) 2009-12-03

Similar Documents

Publication Publication Date Title
US10305695B1 (en) System and method for secure relayed communications from an implantable medical device
Fang et al. Security for 5G mobile wireless networks
US9113330B2 (en) Wireless authentication using beacon messages
US9735957B2 (en) Group key management and authentication schemes for mesh networks
Zhang et al. SeDS: Secure data sharing strategy for D2D communication in LTE-Advanced networks
JP6406681B2 (en) System and method for pre-association service discovery
Seo et al. Effective key management in dynamic wireless sensor networks
US9608967B2 (en) Method and system for establishing a session key
US8688041B2 (en) Methods and apparatus for secure, portable, wireless and multi-hop data networking
Luo et al. URSA: ubiquitous and robust access control for mobile ad hoc networks
US8533472B2 (en) Terminal identification method, authentication method, authentication system, server, terminal, wireless base station, program, and recording medium
Zhou et al. Securing wireless sensor networks: a survey
Rasheed et al. The three-tier security scheme in wireless sensor networks with mobile sinks
Lou et al. SPREAD: Improving network security by multipath routing in mobile ad hoc networks
Zhu et al. LEAP+ Efficient security mechanisms for large-scale distributed sensor networks
Traynor et al. Efficient hybrid security mechanisms for heterogeneous sensor networks
US10601594B2 (en) End-to-end service layer authentication
Song et al. AnonDSR: efficient anonymous dynamic source routing for mobile ad-hoc networks
KR101054202B1 (en) Secure authentication and key management within infrastructure-based wireless multihop networks
US8983066B2 (en) Private pairwise key management for groups
US9557188B2 (en) Method and system for using relationship information from a social network to enable mobile device communications in a privacy enhanced network
US7581095B2 (en) Mobile-ad-hoc network including node authentication features and related methods
Zhu et al. GKMPAN: An efficient group rekeying scheme for secure multicast in ad-hoc networks
Yang et al. Securing a wireless world
Zhang et al. Location-based compromise-tolerant security mechanisms for wireless sensor networks

Legal Events

Date Code Title Description
AS Assignment

Owner name: AGENCY FOR SCIENCE, TECHNOLOGY AND RESEARCH, SINGA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:QIU, YING;ZHOU, JIANYING;BAEK, JOONSANG;AND OTHERS;SIGNING DATES FROM 20110310 TO 20110406;REEL/FRAME:026626/0792

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION